The Linley Group

A Guide to Security Processors and Accelerators,
Sixth Edition

Table of Contents

Preface	xvii
Executive Summary	xix

Chapter 1. Security-Processing Concepts	1
Cryptography Basics	1
Why Use Encryption?	1
What Is Encryption?	1
Cryptography Concepts	2
Keys and Key Exchange	2
Hashing	3
Authentication	3
Cryptography Applications	4
Virtual Private Networks	4
Secure Browsing	4
Wireless Vice and Data Security	5
TCP and Network-Level Security	5
TCP Termination and Proxies	6
Denial-of-Service Attacks	7
Firewalls	8
Intrusion Detection and Prevention	9
Regular-Expression Matching	10
Content Inspection	11
Compression	12
Virus and Spam Prevention	12
Application-Level and XML Security	13
Chapter 2. Security Standards	15
Cryptographic Algorithms	15
DES and 3DES	15
Advanced Encryption Standard (AES)	16
RC4	16
SHA-1, SHA-2, MD5, and HMAC	17
Diffie-Hellman Key Exchange	17
RSA	18
DSS and DSA	19
Elliptic-Curve Cryptography	19
LZS and Deflate	19
Security Protocols and Standards	20
IPSec	20
IKE	22
IPComp	23
PPTP and PPP	24
SRTP	24
SSL and TLS	24
FIPS 140	25
MACSec	26
Authentication	26
Wireless Security Protocols	26
Wi-Fi and 802.11	26
WiMAX	27
3G Wireless	27
Chapter 3. Security-Processor Background	29
Integrated Security Processors	29
Common Characteristics	30
VPN and SSL Accelerators	31
Accelerating Encryption	31
Common Features	33
Software Issues	34
Measuring Performance	35
Algorithms	35
Measuring Wire Speed	35
Packet Size	36
Protocol Throughput	37
Content-Inspection Accelerators	38
Chapter 4. Trends and Market Overview	41
Security Applications	41
SSL for E-Commerce	41
IPSec VPNs	42
SSL VPNs	43
Unified Threat Management	43
Technology Trends	44
Emergence of Secure Processors	44
Convergence of Content-Processing and Security Functions	45
Delivered Performance	46
Advances in Cryptography	47
IP Licensing	47
Market Size and Vendor Share	48
Chapter 5. Integrated Security Processors	51
Cavium Octeon	51
Company Background	51
Key Features and Performance	52
Security-Design Details	54
Product Roadmap	57
Conclusions	57
Freescale MPC8548 and MPC8572	58
Company Background	58
Key Features and Performance	59
Security-Design Details	61
Product Roadmap	63
Conclusions	63
Intel IXP2855	64
Company Background	64
Key Features and Performance	64
Product Roadmap	66
Conclusions	66
Mistletoe VF	67
Company Background	67
Key Features and Performance	67
Design Details	68
Conclusions	69
P.A. Semi PWRficient	70
Company Background	70
Key Features and Performance	71
Conclusions	72
Raza Microelectronics XLR and XLS	73
Company Background	73
Key Features and Performance	74
Security-Design Details	76
Product Roadmap	78
Conclusions	78
SafeNet SafeXcel-51xx	80
Company Background	80
Key Features and Performance	80
Conclusions	81
Chapter 6. VPN and SSL Accelerators	83
Broadcom BCM58xx	83
Company Background	83
Key Features and Performance	84
Design Details	85
Conclusions	86
Cavium Nitrox	87
Key Features and Performance	87
Design Details	89
Conclusions	91
Hifn HIPP	92
Company Background	92
Key Features and Performance	92
Design Details	94
Conclusions	97
SafeNet SafeXcel-184x/3140	98
Key Features and Performance	98
Design Details	100
Conclusions	102
Chapter 7. Content-Inspection Accelerators	103
NetLogic NETL7	103
Company Background	103
Key Features and Performance	103
Conclusions	104
Sensory Networks NodalCore	105
Company Background	105
Key Features and Performance	105
Conclusions	106
Tarari T9000/T10	107
Company Background	107
Key Features and Performance	108
Design Details	110
Product Roadmap	111
Conclusions	112
Chapter 8. Product Comparisons	115
Integrated Security Processors	115
SME-Class Processors	116
Large-Enterprise Class Processors	119
VPN and SSL Accelerators	123
Lookaside VPN Accelerators	123
Flow-Through VPN Accelerators	125
SSL Accelerators for E-Commerce	126
Content-Inspection Accelerators	127
Chapter 9. Conclusions	131
Vendor Outlook	132
Market Directions	134

Appendix: Further Reading	137
Index	139
List of Figures
List of Tables